Bug 1092945 – VUL-1: CVE-2017-18267: poppler: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file

Bug 1092945 - (CVE-2017-18267) VUL-1: CVE-2017-18267: poppler: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file

(CVE-2017-18267)
Summary:	VUL-1: CVE-2017-18267: poppler: The FoFiType1C::cvtGlyph function in fofi/FoF...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Peter Simons
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/205626/
Whiteboard:	CVSSv3:SUSE:CVE-2017-18267:3.3:(AV:L...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-05-11 14:09 UTC by Karol Babioch
Modified:	2021-12-01 21:12 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-05-11 14:09:13 UTC

CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through
0.64.0 allows remote attackers to cause a denial of service (infinite recursion)
via a crafted PDF file, as demonstrated by pdftops.

Upstream fix:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267
https://bugzilla.freedesktop.org/show_bug.cgi?id=103238

Comment 1 Karol Babioch 2018-05-11 14:13:46 UTC

All codestreams affected:

- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11-SP1:Update
- SUSE:SLE-12:Update
- SUSE:SLE-12-SP2:Update

Comment 3 Swamp Workflow Management 2021-12-01 20:28:08 UTC

SUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Enterprise Storage 6 (src):    poppler-0.62.0-4.6.1
SUSE CaaS Platform 4.0 (src):    poppler-0.62.0-4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 4 Swamp Workflow Management 2021-12-01 21:12:02 UTC

openSUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    poppler-0.62.0-4.6.1